| Metric | Value | Note |
|---|---|---|
| Total CVEs | 16260 | last 90 days |
| Avg Priority | 36.8 | of max 220 |
| KEV | 42 | actively exploited |
| POC | 3307 | public exploits |
| Unpatched | 4704 | CRIT/HIGH without patch |

How is Priority Score calculated?

Priority Score is a composite risk metric (0-220) combining multiple real-world threat signals:

| Signal | Contribution | Description |
|---|---|---|
| KEV | +50 | CISA Known Exploited Vulnerability — confirmed active exploitation in the wild |
| EPSS | x100 | Exploit Prediction Scoring System — probability of exploitation in next 30 days (0-100) |
| CVSS | x5 | Common Vulnerability Scoring System — technical severity (0-50) |
| POC | +20 | Public exploit code exists — lowers barrier for attackers |

| Score | Level |
|---|---|
| 0-40 | Low |
| 40-80 | Medium |
| 80-120 | High |
| 120+ | Critical |

Patch Now — Known Exploited Vulnerabilities

| Priority | CVE | Description |
|---|---|---|
| 194 | CVE-2026-24061 | telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for t |
| 185 | CVE-2026-1731 | BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain |
| 184 | CVE-2026-23760 | SmarterTools SmarterMail versions prior to build 9511 contain an authentication bypass vulnerability |
| 180 | CVE-2025-40551 | SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerabil |
| 170 | CVE-2026-1340 | A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated rem |
| 164 | CVE-2026-1281 | A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated rem |
| 160 | CVE-2025-40536 | SolarWinds Web Help Desk was found to be susceptible to a security control bypass vulnerability that |
| 141 | CVE-2026-20131 | A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FM |
| 137 | CVE-2026-1603 | An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allows a remote unauthen |
| 134 | CVE-2026-22769 | Dell RecoverPoint for Virtual Machines, versions prior to 6.0.3.1 HF1, contain a hardcoded credentia |

Priority Distribution
| Priority | CVE | Description |
|---|---|---|
| 47 | CVE-2026-32987 | OpenClaw before 2026.3.13 allows bootstrap setup codes to be replayed during dev |
| 47 | CVE-2026-6117 | A vulnerability was found in AstrBotDevs AstrBot up to 4.22.1. This issue affect |
| 47 | CVE-2026-24956 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti |
| 47 | CVE-2025-69338 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti |
| 47 | CVE-2025-69366 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti |
| 47 | CVE-2026-5535 | A security flaw has been discovered in FedML-AI FedML up to 0.8.9. This impacts |
| 47 | CVE-2025-69310 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti |
| 47 | CVE-2025-69304 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti |
| 47 | CVE-2026-6590 | A vulnerability was detected in ComfyUI up to 0.13.0. This impacts the function |
| 47 | CVE-2025-69337 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti |
| 47 | CVE-2025-69365 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti |
| 47 | CVE-2026-5811 | A vulnerability was identified in SourceCodester Online Food Ordering System 1.0 |
| 47 | CVE-2025-69307 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti |
| 47 | CVE-2025-69308 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti |
| 47 | CVE-2025-69295 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti |
| 47 | CVE-2026-28115 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti |
| 47 | CVE-2026-32630 | A crafted ZIP file can trigger excessive memory growth during type d |
| 47 | CVE-2025-69306 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti |
| 47 | CVE-2025-69309 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti |
| 47 | CVE-2020-37091 | Maian Support Helpdesk 4.3 contains a cross-site request forgery vulnerability t |
| 47 | CVE-2026-5812 | A security flaw has been discovered in SourceCodester Pharmacy Product Managemen |
| 47 | CVE-2025-69305 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti |
| 47 | CVE-2026-34361 | The FHIR Validator HTTP service exposes an unauthenticated `/loadIG` |
| 47 | CVE-2026-35459 | The fix for CVE-2026-33992 (GHSA-m74m-f7cr-432x) added IP validation |
| 47 | CVE-2026-28225 | Manyfold is an open source, self-hosted web application for managing a collectio |
| 47 | CVE-2026-1736 | A security vulnerability has been detected in Open5GS up to 2.7.6. Impacted is t |
| 47 | CVE-2026-6601 | A vulnerability has been found in Lagom WHMCS Template up to 2.4.2. This impacts |
| 47 | CVE-2025-21589 | An Authentication Bypass Using an Alternate Path or Channel vulnerability in Jun |
| 47 | CVE-2024-50337 | Chamilo is a learning management system. Prior to version 1.11.28, the OpenId fu |
| 47 | CVE-2026-5181 | A vulnerability has been found in SourceCodester Simple Doctors Appointment Syst |
| 47 | CVE-2026-5615 | A weakness has been identified in givanz Vvvebjs up to 2.0.5. The affected eleme |
| 47 | CVE-2020-37026 | Sickbeard alpha contains a cross-site request forgery vulnerability that allows |
| 47 | CVE-2026-6201 | A vulnerability was identified in CodeAstro Online Job Portal 1.0. The impacted |
| 47 | CVE-2026-32663 | The WebSocket backend uses charging station identifiers to uniquely associate se |
| 47 | CVE-2026-27649 | The WebSocket backend uses charging station identifiers to uniquely associate se |
| 47 | CVE-2026-24055 | Langfuse is an open source large language model engineering platform. In version |
| 47 | CVE-2024-26478 | An issue in Statping-ng v.0.91.0 allows an attacker to obtain sensitive informat |
| 47 | CVE-2026-2521 | A weakness has been identified in Open5GS up to 2.7.6. This issue affects the fu |
| 47 | CVE-2026-5194 | Missing hash/digest size and OID checks allow digests smaller than allowed when |
| 47 | CVE-2026-27797 | Homarr is an open-source dashboard. Prior to version 1.54.0, an unauthenticated |
| 47 | CVE-2025-69253 | free5GC is an open-source project for 5th generation (5G) mobile core networks. |
| 47 | CVE-2026-6609 | A flaw has been found in liangliangyy DjangoBlog up to 2.1.0.0. The affected ele |
| 47 | CVE-2026-5472 | A flaw has been found in ProjectsAndPrograms School Management System up to 6b6f |
| 47 | CVE-2026-29191 | ZITADEL is an open source identity management platform. From version 4.0.0 to 4. |
| 47 | CVE-2026-4589 | A vulnerability was identified in kalcaddle kodbox 1.64. The affected element is |
| 47 | CVE-2026-4907 | A vulnerability was identified in Page-Replica Page Replica up to e4a7f52e75093e |
| 47 | CVE-2026-6618 | A flaw has been found in langgenius dify up to 1.13.3. This issue affects the fu |
| 47 | CVE-2026-6634 | A weakness has been identified in usememos memos up to 0.22.1. This affects the |
| 47 | CVE-2026-28288 | Dify is an open-source LLM app development platform. Prior to 1.9.0, responses f |
| 47 | CVE-2026-6613 | A vulnerability was identified in TransformerOptimus SuperAGI up to 0.0.14. Affe |
| 47 | CVE-2026-6564 | A vulnerability was found in EMQ EMQX Enterprise up to 6.1.0. The impacted eleme |
| 47 | CVE-2026-5607 | A security vulnerability has been detected in imprvhub mcp-browser-agent up to 0 |
| 47 | CVE-2026-6616 | A security vulnerability has been detected in TransformerOptimus SuperAGI up to |
| 47 | CVE-2026-6617 | A vulnerability was detected in langgenius dify up to 0.6.9. This vulnerability |
| 47 | CVE-2026-6571 | A weakness has been identified in kodcloud KodExplorer up to 4.52. Affected by t |
| 47 | CVE-2026-5259 | A vulnerability was determined in AutohomeCorp frostmourne up to 1.0. The affect |
| 47 | CVE-2026-6614 | A security flaw has been discovered in TransformerOptimus SuperAGI up to 0.0.14. |
| 47 | CVE-2026-5470 | A security vulnerability has been detected in mixelpixx Google-Research-MCP 1e06 |
| 47 | CVE-2026-33136 | WeGIA is a web manager for charitable institutions. Versions 3.6.6 and below hav |
| 47 | CVE-2018-25190 | Easyndexer 1.0 contains a cross-site request forgery vulnerability that allows u |
| 47 | CVE-2026-5157 | A vulnerability was identified in code-projects Online Food Ordering System 1.0. |
| 47 | CVE-2026-5316 | A vulnerability was identified in Nothings stb up to 1.22. The impacted element |
| 47 | CVE-2026-5255 | A vulnerability was detected in code-projects Simple Laundry System 1.0. This af |
| 47 | CVE-2026-4898 | A vulnerability was identified in code-projects Online Food Ordering System 1.0. |
| 47 | CVE-2026-5317 | A security flaw has been discovered in Nothings stb up to 1.22. This affects the |
| 47 | CVE-2026-6035 | A vulnerability has been found in code-projects Vehicle Showroom Management Syst |
| 47 | CVE-2026-6159 | A vulnerability has been found in code-projects Simple ChatBox up to 1.0. Affect |
| 47 | CVE-2026-5541 | A vulnerability was found in code-projects Simple Laundry System 1.0. This issue |
| 47 | CVE-2026-5620 | A vulnerability has been found in itsourcecode Construction Management System 1. |
| 47 | CVE-2026-5314 | A vulnerability was found in Nothings stb up to 1.26. Impacted is the function s |
| 47 | CVE-2026-5542 | A vulnerability was determined in code-projects Simple Laundry System 1.0. Impac |
| 47 | CVE-2026-4849 | A vulnerability was identified in code-projects Simple Laundry System 1.0. This |
| 47 | CVE-2026-6032 | A vulnerability was found in code-projects Simple Laundry System 1.0. This impac |
| 47 | CVE-2026-5539 | A flaw has been found in code-projects Simple Laundry System 1.0. This affects a |
| 47 | CVE-2026-5625 | A weakness has been identified in assafelovic gpt-researcher up to 3.4.3. This i |
| 47 | CVE-2026-2894 | A vulnerability was identified in funadmin up to 7.1.0-rc4. Affected by this vul |
| 47 | CVE-2026-5015 | A vulnerability was determined in elecV2 elecV2P up to 3.8.3. The impacted eleme |
| 47 | CVE-2026-4877 | A security flaw has been discovered in itsourcecode Payroll Management System up |
| 47 | CVE-2026-6150 | A vulnerability has been found in code-projects Simple Laundry System 1.0. This |
| 47 | CVE-2026-5328 | A weakness has been identified in shsuishang modulithshop up to 829bac71f507e846 |
| 47 | CVE-2026-6034 | A flaw has been found in code-projects Vehicle Showroom Management System 1.0. I |
| 47 | CVE-2026-33134 | WeGIA is a web manager for charitable institutions. Versions 3.6.5 and below con |
| 47 | CVE-2026-27796 | Homarr is an open-source dashboard. Prior to version 1.54.0, the integration.all |
| 47 | CVE-2026-1739 | A vulnerability has been found in Free5GC pcf up to 1.4.1. This affects the func |
| 47 | CVE-2026-2975 | A security flaw has been discovered in FastApiAdmin up to 2.2.0. Affected by thi |
| 47 | CVE-2025-69208 | free5GC UDR is the user data repository (UDR) for free5GC, an open-source pro |
| 47 | CVE-2026-2667 | A vulnerability has been found in Rongzhitong Visual Integrated Command and Disp |
| 47 | CVE-2026-27643 | free5GC UDR is the user data repository (UDR) for free5GC, an open-source pro |
| 47 | CVE-2026-5533 | A vulnerability was determined in badlogic pi-mono 0.58.4. The impacted element |
| 47 | CVE-2026-32295 | JetKVM before 0.5.4 does not rate limit login requests, enabling brute-force att |

Oldest Unpatched Critical/High CVEs
| CVE | Severity | CVSS | Priority | Days Open |
|---|---|---|---|---|
| CVE-2024-3400 | CRITICAL | 10.0 | 224 | 738d |
| CVE-2019-19781 | CRITICAL | 9.8 | 223 | 2306d |
| CVE-2020-5902 | CRITICAL | 9.8 | 223 | 2119d |
| CVE-2021-35464 | CRITICAL | 9.8 | 223 | 1733d |
| CVE-2020-10189 | CRITICAL | 9.8 | 223 | 2236d |
| CVE-2012-4681 | CRITICAL | 9.8 | 223 | 4983d |
| CVE-2022-42475 | CRITICAL | 9.8 | 223 | 1204d |
| CVE-2023-3519 | CRITICAL | 9.8 | 223 | 1006d |
| CVE-2015-7450 | CRITICAL | 9.8 | 222 | 3761d |
| CVE-2023-34048 | CRITICAL | 9.8 | 222 | 908d |